Introducing XSSDB

Sun, 24 Sep 2006 11:18:37 GMT
by pdp

In a recent post David K suggested that the XSS cheat sheet hosted at ha.ckers.org is not as accessible as it should be.

RSnake, I didn't even know this attack vector was in your cheat sheet and I have been through it loads of times - A table of contents might be cool.

Over the weekend I composed a simple AJAX application to provide a better way of previewing all attack vectors from RSnake's Cross-site scripting cheat sheet. RSnake has been working on it for quite a long time and I really like what he has done so far.

I am planning to extend the attack database with some of my own findings, keeping the original database updated and intact. I am also working on some features that will allow user submissions so the community is able to provide some feedback as well.

Any comments and suggestions will be greatly appreciated. Currently XSSDB works in Firefox only. The application almost works in IE6 and IE7. There seems to be something wrong with Opera.

Archived Comments

daniel
Also happily works in Safari/Camino and FF
pdp
hi daniel, that's great news. How about the CSS? Is it working correctly? Do you have any suggestions or recommendations? Thanks.
clon
Excellent job, tested in Opera 9.02, working nice, and your blog is very good. Congratulations!
Steve Christey
Kudos to you and RSnake for a great layout, and for giving names to these attacks. This is the best classification of XSS I've seen so far.
shyaam
THIS IS AWESOME WORK...
help
All of the cheat sheet content disappeared. Can you fix it?